Passwords in clear text in configuration.php

Discussion regarding Joomla! 1.5 security issues.
Joomla! Vulnerable Extensions: ... Extensions

Moderator: General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Security Checklist
Forum Post Assistant - If you are serious about wanting help, you will use this tool to help you post.
Joomla! Intern
Joomla! Intern
Posts: 83
Joined: Thu Nov 22, 2007 3:40 am

Passwords in clear text in configuration.php

Post by iceangel89 » Tue Dec 25, 2007 2:40 am

i see my passwords in clear text in configuration.php, isn't that bad? although the configuration.php isn't supposed to be readable by the public, but i think i am quite sure many including me after installing joomla will forget to CHMOD back, and whats a good value for that file (configuration.php)?

User avatar
Joomla! Master
Joomla! Master
Posts: 22590
Joined: Thu Aug 18, 2005 8:55 pm
Location: Nijmegen, Netherlands

Re: Passwords in clear text in configuration.php

Post by pe7er » Tue Dec 25, 2007 4:58 pm

It is not bad that the MySQL database password is in clear text in your configuration.php
If it was not (e.g. MD5 encrypted) then Joomla would not be able to make a connection to the database, and your site would not work.

644 is a good value for configuration.php

Background info: FAQ: Joomla! Permissions Overview,121470.0.html
Kind Regards,
Peter Martin, Global Moderator - Joomla specialist, Nijmegen, Nederland
Co-developer of d2 Content



Return to “Security in Joomla! 1.5”